Does Cisco ISE 1.2 support Catalyst SRW224G4P and Small business ESW520 Switches?

Similar Messages

• Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?

  Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?
  Im trying to follow the trustsec 2.1 guide on IP Phones into LowImpact mode.
  I can get a PC on its own to authenticate via dot1x/tls
  I can get a Cisco IP Phone on its own to authenticate via MAB.
  When the two are on the same switchport, the phone will authenticate but not the PC.  ISE logs EAP timeouts.
  The switchport has the LowImpact port ACL of
  ip access-group ACL-DEFAULT in
  The IP Phone gets a dACL that allows it ok.
  I assume MAB phone and dot1x PC is supported?  Any ideas?
  Thanks in advance.

  The ISE log detailed steps are as follows:
  Steps
  11001  Received RADIUS Access-Request
  11017  RADIUS created a new session
  Evaluating Service Selection Policy
  15048  Queried PIP
  15048  Queried PIP
  15004  Matched rule
  11507  Extracted EAP-Response/Identity
  12300  Prepared EAP-Request proposing PEAP with challenge
  12625  Valid EAP-Key-Name attribute received
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12501  Extracted EAP-Response/NAK requesting to use EAP-TLS instead
  12500  Prepared EAP-Request proposing EAP-TLS with challenge
  12625  Valid EAP-Key-Name attribute received
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
  12800  Extracted first TLS record; TLS handshake started
  12805  Extracted TLS ClientHello message
  12806  Prepared TLS ServerHello message
  12807  Prepared TLS Certificate message
  12809  Prepared TLS CertificateRequest message
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12504  Extracted EAP-Response containing EAP-TLS challenge-response
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12504  Extracted EAP-Response containing EAP-TLS challenge-response
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  5411  No response received during 120 seconds on last EAP message sent to the client

• Cisco Small Business Pro Switch pricing...

  As a very long time Linksys user I am not totally unhappy that the Linksys name is no longer part of the product designation.
  We provide IT management and support to many SME businesses. Part of our management functions on behalf of our clients is to ensure value for money. From a Linksys aspect, in the past this meant a trade-off between value (low-cost - a Linksys benefit) and reliability and stability.
  On the one hand, we continuously had to monitor and test firmware upgrades before implementation. On the other hand we have many clients still running netwrok VPNs on 6 year old BEFVP41 units with no outages at all due to the equipment...
  With this experience in mind, we are anticipating that the Small Business Pro equipment is likely to be fully specified and tested, for which we will gladly recommend to our clients the higher prices commensurate with that reliability and stability.
  From this perspective, we have tested the SA520 and the AP541N and the initial results are favorable - they appear to be an improvement on the Linksys RVS4000 and the RV042. Pricing is higher, but not exorbitantly so.
  When looking at the switch pricing, however, I was unimpressed to find that the 24 port Gigabit switch is north of $1,300 - amost 3 times the price of the SRW2024.
  I realize that pricing is a corporate decision by Cisco - and I have no doubt that they do not want to have their Small Business Pro series cannibalizing the corporate switch sales. However, we cannot recommend this to client management as it is excessive. Given that we set the standards for all of our clients (and ALL of our clients are currently using LInksys products as an exclusive standard - we do not permit any other networking equipment), our choice is difficult:
  Do we stick with the Cisco Small Business Pro for the WAN aspects of client networks and evaluate other vendors for the LAN elements?
  Given that we have been badly burned by both Linksys One and Microsoft ResponsePoint, we specifically no longer specify IP voice systems by network vendors, so any infrastructure-specific advantages in this regard are not an issue.
  Any other perspectives on this?

  The Small Business Pro ESW 500 Switches actually differ from their Linksys and Cisco Small Business counterparts by these features:
  Better interoperability with Cisco and Cisco Small Business Pro products
  Cisco Discovery Protocol (CDP)
  EtherChannel
  Cisco Configuration Assistant configurability and manageability
  Integration with the Cisco Smart Business Communication System (SBCS) solution
  Smartport roles for easy configuration of switchports, both in the ESW Web GUI and in the Cisco Configuration Assistant program
  Ability to connect Cisco Unified IP Phones into an ESW switch as part of a SBCS deployment
  ESW 500 switches have a higher level of support than the Linksys and Small Business counterparts because Cisco Small Business Pro Service is offered on the ESW 500 switches
  The ESW 500 Web GUI is actually similar to the GUI found on the Linksys and Cisco Small Business counterparts. ESW 500 might actually be a better option with the SA500 because:
  CCA 2.2(1) and later can manage the SA500, the AP541N, and the ESW 500 switches, even if they are deployed outside of the SBCS solution.
  Cisco Small Business Pro Service is available on ESW switches, but not on Linksys or Cisco Small Business products

• Does Cisco ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 support command accouting like ACS

  Hi
  Can Anybody can update whether   ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
  Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting ..
  has succeed in  command level accounting on  Cisco ISE ..
  Please update
  Cisco ISE doesn't have TACACS feature ...

  Command Accounting is a TACACS+ feature so not for ISE....yet.
  However, you can do the following to send commands to syslog and not including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. increase or decrease as you have memory.  The notify syslog is what sends it via syslog.
  conf t
  archive
  log config
  logging enable
  logging size 200
  hidekeys
  notify syslog
  end
  wr mem
  Remember, syslog is clear text  :-)  log away from user traffic when possible.  Or use TLS based syslog when possible.
  I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
  Please rate post you consider useful.
  -James

• Cisco ISE 1.2 TLS 1.1 and 1.2

  I'm currently running ISE 1.2 patch 6 and I'm noticing that ISE does not use TLS 1.1 or 1.2 for the admin portal or the sponsor portal. I haven't tested the guest portal, but I'm assuming it applies there as well.
  Is the future release of ISE going to support the more secure TLS versions?

  I installed ise 1.3 and tried all cipher suites.
  For me it seems that ISE 1.3 uses only following 3 cipher-suites
  AES256-SHA
  AES128-SHA
  DES-CBC3-SHA
  https://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
  -> TLS1.0 suites

• Cisco ise 1.1.3 patch 3 and Windows 8

  Hello,
  Cisco NAC Agent does not display on my windows 8 computer. I have Cisco ise 1.1.3 and Nac Agent 9.8.0.52. Can you help me?

  I suspect the below listed defect here:
  CSCue41912    Posture : NAC agent not triggering on WIN8.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Cisco ISE User Authentication Certificates for Wired and Wirless Users (BYOD)

  Can any one tell me from where we can purchase User Authentication Certificates for Wired and Wireless Users (BYOD) for Cisco ISE. Also Confirm what certificates we required for the purpose.
  Please suggest the Website form where we can purchase and ipmort in Cisco ISE certificate Section.
  Thanks.

  Dear Mohana,
  Thanks for your reply, Can you please confirm me in regards EAP-TLS certificate, which authorities you recomend if i go to Go dadday or very Sign to buy it and then import in ISE.
  Looking forward for your reply.
  Regards,
  Muhammad Imran Shaikh
  Resident Engineer, IT Network Section - PPL
  Mobile : 0092-312-288-1010
  LinkedIn : pk.linkedin.com/pub/muhammad-imran-shaikh/10/471/b47/

• Does Cisco Aironet 1131G really support EAP-SIM ?

  Hello!
  I have tried to configure EAP-SIM authentication on Cisco Aironet 1131G for Wi-Fi Offload but unfortunately I couldnt make it work. As far as I understand the Wi-Fi standard it is fully supported in 802.11n within WPA2-Enterprise standard. I have read Cisco datasheet for 1131G where your are claiming that you support EAP-SIM in WPA2 also. I have tried to configure it according to configuration guide but it always requires to enter password key first when I try to connect to SSID with configured WPA2 and EAP-SIM. Can you please provide us with additional info how to properly configure AP or confirm that EAP-SIM needed for seamless 3G/Wi-Fi authentication is supported only within WPA2-Enterprise.
  BR,
  Denys

  Yes EAP-SIM  is supported by Cisco Aironet 1131G. For more detail about this product you can go to below link.
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6087/product_data_sheet0900aecd801b9058.htmlhttp://

• Does Flash for iPhone/iPad support http (JSON) and .pdf loading?

  Hi everyone -
  I'll get to the point. I am aware that the iPhone/iPad dev kit for Flash has some performance issues, but I believe I am creating something REALLY simple that does not require complex animations (just menus and tweens). So my question(s) is this:
  -I need clarification on what network protocols I can use to send and receive data from my app. Can I send / receive JSON data? I know stuff like RTMP is not likely supported (I read it peripherally somewhere) but I want to make sure I can send content like JSON or XML.
  -Is it possible to launch a .pdf document from a flash mobile app (well, iPhone or iPad in this case) so that it stays within the application? I don't want it to display in a web browser within the device via some link. I read here
  http://help.adobe.com/en_US/as3/iphone/WS789ea67d3e73a8b24b55b57a124b32b5b57-7fff.html
  a reference to PDF support via HTMLLoader.pdfCapability as a check, but doesn't specify which devices (all devices? some? none)
  Any help on this would be appreciated. It's painful to write in objective c (at least to me )
  thanks
  Edward

  SVG charts from pre-4.0 versions of APEX work fine on iPhone/iPad.
  This feature was deprecated in APEX 4.0 without any obvious pre-announcement, a decision that, with an apparently permanently Flash-less iOS and indications that Microsoft intend to add native SVG support to IE, may have been somewhat premature?
  Ideally APEX would allow for transparent delivery of either Flash or SVG charts (based on an application preference), and the use of the standard graceful degradation feature of OBJECT elements to allow fail-over from the preferred format to the other where browser support is absent.

• Does teh topicid: protocol actually support anchor links and, if so, how?

  The Oracle® Fusion Middleware Developer's Guide for Oracle Help 11g Release 2 (http://docs.oracle.com/cd/E24382_01/doc.1112/e16280/ohff_tpcfile.htm#OHJWG213) says the following:
  The topicid protocol also supports anchor links. For example:
  *<a href="topicid:getting_started#advanced">Getting Started</a>*
  When the Getting Started link is clicked, Oracle Help references the map file and jumps to the advanced anchor position in HTML file associated with the link's topic ID.
  But I cannot seem to get anchor links to work. The HelpBook Previewer returns:
  *Error: topic id topicid#+fragid+ does not map to an URL.*
  I'd expect the topicid: protocol to work like a normal URL. A web browser resolves the URL part to find the file and then locates the fragment identifier within the file content. So I'd expect Oracle Help to locate the file by looking up the topic ID in the map file and then locate the fragment identifier in the content. But the error seems to be saying that Oracle Help expects a separate map entry for each topic ID and fragment ID combination, which hardly makes sense.
  Any advice would be much appreciated.

  Rodger,
  Thank you for your gracious welcome . . .
  and thank you for your swift response . . .
  and thank you for your information (and encouragement!).
  Yes, I read that too, but searched in vain for the specifity of, say, your direction:
  "Go ahead and update to 8.0.2, as it contains the 8.0.1 update."
  So I shall!
  Again, many thanks.

• How does the new HTML5 video Support work? and what are the limitations?

  So the new Edge has been relased along with many new features including HTML5 video support So along with the new feature here are a few new questions!
  How does Edge load the Video? is it fully preloaded before Edge shows the content ? Or is it more of a "youtube" pregressive load while playing?
  Or can we choose?
  What is the recommended video file size  example 4mb ?
  How does edge deal with browsers that only support .ogg or .webm instead of mp4?
  How is the support on ISO & tablets? load times, "lag" etc?

  When you import an audio or video file a group is created for you. You can import media with the same name(videosample.ogv; videosample.mp4) to this group for ensuring browser compatibility. The corresponding format will be chosen depending on the browser that loads the composition.
  Regarding WebM format - You can also add a webm file in your composition;However since this is a royalty format, Animate will not show a live preview inside the Authoring tool. If you browser supports this then it will definitely play fine on browser preview.
  You can take a look at the In-app Video lesson which is available to you in the lesson panel for more details on how this works.
  And yes you have pre-load options for HTML5 Video too, however progressive download is not available. You will need to use scripting using JS for getting this functionality.
  Hope this helps and do try this out.
  -Sujai

• Does Adobe Viewer on iPad support Search, Bookmark and Highlight Text?

  I would like to know if the Adobe Viewer for the iPad support the Search, Bookmark and Highlight Text features.... Or if some of these features are planned to be developed later and when.
  Thanks for your quick answer.

  Not yet. Those features are on the roadmap, but I can't offer an estimated time.

• Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

  does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
  ciscoISE/admin(config)# snmp-server ?
    community  Set community string
    contact    Text for mib object sysContact
    host       Specify hosts to receive SNMP notifications
    location   Text for mib object sysLocation
  ciscoISE/admin(config)# snmp-server
  Ciscoacs/admin(config)# snmp-server ?
    community  Set community string
    contact    Text for mib object sysContact
    host       Specify hosts to receive SNMP notifications
    location   Text for mib object sysLocation
  Ciscoacs/admin(config)# snmp-server

  No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
   http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

• How Cisco ISE 1.2 Base licenses are consumed and tracks concurrent endpoint connected to network

  Hello
  I am interested to know how the cisco ISE 1.2 base licences are consumed. As the cisco ise 1.2 user guide "The Base License is consumed whenever an authentication notification is received by Cisco ISE."
  Based on the above statement i have following queries :-
  Radius being the UDP based request, its only during the time endpoint is authenticated and authorized the base license is consumed and then its is released. Then how does cisco ISE tracks the concurrent endpoints connected to the network.
  Thanks
  Kumar

  thanks for the reply Tarik.
  As I understand, you mean that a base license is consumed by every radius authentication request and then the license is free to be utilised again
  Also would this means if Radius accounting is turned off, then concurrent sessions will not be tracked.
  Thanks
  Kumar

• Posture setup in Cisco ISE

  Dears
  I am trying to configure the posture for the ISE but the result is always " Posture status : pending " and the agent can access all network resources without any problem .
  please help

  Please review the below steps:
  Step 1 Choose Administration > System > Deployment >  Deployment.
  The Deployment navigation menu appears. Use the  Table view or the List view button to display the
  nodes in your deployment.
  Step 2 Click the Table view.
  Step 3 Click the quick picker (right arrow)  icon to view the nodes that are registered in your deployment.
  The Table view displays all the nodes that are  registered in a row format in the Deployment Nodes page.
  The Deployment Nodes page displays the Cisco ISE  nodes that you have registered along with their
  names, personas, roles, and the replication status  for the secondary nodes in your deployment.
  Step 4 Choose a Cisco ISE node from the  Deployment Nodes page.
  Note If you have more than one node that is  registered in a distributed deployment, all the nodes that
  you have registered appear in the Deployment Nodes  page, apart from the primary node. You
  have the option to configure each node as a Cisco  Cisco ISE node (Administration, Policy
  Service, and Monitoring personas) or an Inline  Posture node.
  Step 5 Click Edit.
  The Edit Node page appears. This page contains the  General settings tab that is used to configure the
  Cisco ISE deployment. This page also features the  Profiling Configuration tab, which is used to
  configure the probes on each node.
  Note If you have the Policy Service persona  disabled, or if enabled but the Enable Profiler services
  option is not selected, then the Cisco ISE  administrator user interface does not display the
  Profiling Configuration tab. If you have the Policy  Service persona disabled on any Cisco ISE
  node, Cisco ISE displays only the General settings  tab. It does not display the Profiling
  Configuration tab that prevents you from  configuring the probes on the node.
  Step 6 On the General settings tab, check  the Policy Service check box, if it is already active.
  If the Policy Service check box is unchecked, both  the session services and the Profiler service check
  boxes are disabled.
  Step 7 For the Policy Service persona to run  the Network Access, Posture, Guest, and Client Provisioning
  session services, check the Enable Session Services  check box, if it is not already active. To stop the
  session services, uncheck the Enable Session  Services check box.
  The posture service only runs on Cisco Cisco ISE  nodes that assume the Policy Service persona
  and does not run on Cisco Cisco ISE nodes that  assume the administration and monitoring
  personas in a distributed deployment.
  Step 8 Click Save to save the node  configuration.